Element-It: >> Http Commander >> 5.3.3 Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field.
CVSS Score
6.1
EPSS Score
0.007
Published
2022-03-03
A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to write files to arbitrary directories via relative paths in ZIP archives.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-07-14
A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-07-14
An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to retrieve HTTP and FTP files from the internal server network by inserting an internal address.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-07-14